sshd | Linuxaria

How to Chroot SFTP Users on Linux for maximum security

Jan 192014

Article by Rahul Panwar first posted on http://linuxexplore.com/

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. The term “chroot” may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a “chroot jail”. From Wikipedia.

Why it is required? If you want to set up your Linux box as a web hosting server for its users, you may need to give SFTP access. But they can get access to whole system Linux tree, just for reading but still very unsecure. So it is mandatory to lock them in their home directory.

There are many other applications, it’s just a common example, so lets start its configuration.

SSH in 2 steps on Linux with Google Authenticator

Guides 1 Response »

Dec 282013

Article by Alessio bash, first published on his blog

Many security policies require you to change the port number of the SSH service to ensure greater security in a Linux system. Situation now used throughout the IT world and used mostly by users who have their own private server. Today I want to show you how to add another security layer without having to change the SSH port. To do this we’ll incorporate the famous Google Authenticator to our ssh service, in this way we’ll have a safe, two steps security, by entering our password and the combination given from the GA application. Let’s see how to do this… Continue reading »

Add security to your ssh daemon with PAM module

Guides, Pills No Responses »

Nov 232012

In the past I’ve published some info to enhance the security of your ssh server such as 3 easy steps to strengthen your ssh server or how to use SSH for more secure browsing in public networks, today we’ll take a look at the PAM modules of GNU/Linux and in particular the module ssh and at some options that we can activate to strengthen our ssh server.